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Abstract 


RFC 3263 defines how a Session Initiation Protocol (SIP) 
implementation, given a SIP Uniform Resource Identifier (URI), should 
locate the next-hop SIP server using Domain Name System (DNS) 
procedures. As SIP networks increasingly transition from IPv4-only 
to dual-stack, a quality user experience must be ensured for dual- 
stack SIP implementations. This document updates the DNS procedures 
described in RFC 3263 for dual-stack SIP implementations in 
preparation for forthcoming specifications for applying "Happy 
Eyeballs" principles to SIP. 
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This is an Internet Standards Track document. 
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Internet Engineering Steering Group (IESG). Further information on 


Internet Standards is available in Section 2 of RFC 7841. 
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http://www.rfc-editor.org/info/rfc7984. 
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1. Introduction 


The Session Initiation Protocol (SIP) [RFC3261] and the additional 
documents that extended it provide support for both IPv4 and IPv6. 


However, this support does not fully extend to the highly hybridized 


environments that are characteristic of the transitional migratory 


= 
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phase from IPv4 to IPv6 networks. During this phase, many server and 


client implementations run on dual-stack hosts. In such 


environments, a dual-stack host will likely suffer greater connection 


delay, and by extension an inferior user experience, than an 
IPv4-only host. The need to remedy this diminished performance of 
dual-stack hosts led to the development of the "Happy Eyeballs" 
[RFC6555] algorithm, which has since been implemented in many 
protocols and applications. 
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This document updates the DNS lookup procedures of RFC 3263 [RFC3263] 
in preparation for the specification of the application of Happy 
Eyeballs to SIP. Happy Eyeballs will provide enhanced performance, 
and consequently enhanced user experience, in highly hybridized dual- 
stack SIP networks. The procedures described herein are such that a 
dual-stack client should look up both A and AAAA records in DNS and 
then select the best way to set up a network flow. The details of 
how the latter is done is considered out of scope for this document. 
See the Happy Eyeballs algorithm and implementation and design 
considerations in RFC 6555 [RFC6555] for more information about 
issues with setting up dual-stack network flows. 


Section 4 of this document clarifies the interaction of [RFC3263] 
with [RFC6157] and [RFC6724]. 


2. Terminology 


The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", “SHALL NOT", 
"SHOULD", “SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 
document are to be interpreted as described in RFC 2119 [RFC2119]. 


RFC 3261 [RFC3261] defines additional terms used in this document 
that are specific to the SIP domain such as "proxy", "registrar", 
"redirect server", "user agent server" or "UAS", "user agent client" 
or "UAC", “back-to-back user agent" or "B2BUA", "dialog", 
"transaction", and "server transaction". 


This document uses the term "SIP server" that is defined to include 
the following SIP entities: user agent server, registrar, redirect 
server, a SIP proxy in the role of user agent server, and a B2BUA in 
the role of a user agent server. 


While this document focuses on the dual-stack situation described in 
RFC 6555 and other documents, concerning the migration from an 
IPv4-only network to a network supporting both IPv4 and IPv6, the 
techniques described can be used in other situations. Possible 
situations include when a device has multiple interfaces with 
distinct addressing characteristics and when additional IP address 
families are created in the future. This document uses the general 
term "dual-stack" to include all situations where the client has 
access to multiple communication methods that have distinct 
addressing characteristics. 


The term "address records" means the DNS records that translate a 
domain name into addresses within the address family or families that 
the entity supports (as A records provide IPv4 addresses and AAAA 
records provide IPv6 addresses), regardless of whether the address 
family was defined before or after this document was approved. 
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3. DNS Procedures in a Dual-Stack Network 


This specification introduces two normative DNS lookup procedures. 
These are designed to improve the performance of dual-stack clients 
in IPv4/IPv6 networks. 


3.1. Dual-Stack SIP UA DNS Record Lookup Procedure 


Once the transport protocol has been determined, the procedure for 
discovering an IP address if the TARGET is not a numeric IP address 
but the port is explicitly stated in the URI, is detailed in 
Section 4.2 of RFC 3263 [RFC3263]. The piece relevant to this 
discussion is: 


If the TARGET was not a numeric IP address, but a port is present 
in the URI, the client performs an A or AAAA record lookup of the 
domain name. The result will be a list of IP addresses, each of 
which can be contacted at the specific port from the URI and 
transport protocol determined previously. 


Section 4.2 of RFC 3263 [RFC3263] also goes on to describe the 
procedure for discovering an IP address if the TARGET is not a 
numeric IP address, and no port is present in the URI. The piece 
relevant to this discussion is: 


If no SRV records were found, the client performs an A or AAAA 
record lookup of the domain name. The result will be a list of IP 
addresses, each of which can be contacted using the transport 
protocol determined previously, at the default port for that 
transport. Processing then proceeds as described above for an 
explicit port once the A or AAAA records have been looked up. 


Happy Eyeballs [RFC6555] documents that looking up the "A or AAAA 
record" is not an effective practice for dual-stack clients and that 
it can add significant connection delay and greatly degrade user 
experience. Therefore, this document makes the following normative 
addendum to the DNS lookup procedures in Section 4.2 of RFC 3263 
[RFC3263] for IPv4/IPv6 hybrid SIP networks and recommends it as a 
best practice for such dual-stack networks: 


The dual-stack client SHOULD look up address records for all 
address families that it supports for the domain name and add the 
resulting addresses to the list of IP addresses to be contacted. 
A client MUST be prepared for the existence of DNS resource 
records containing addresses in families that it does not support; 
if such records may be returned by the client’s DNS queries, such 
records MUST be ignored as unusable and the supported addresses 
used as specified herein. 
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3.2. Indicating Address Family Preference in DNS SRV Records 


The Happy Eyeballs algorithm [RFC6555] is particularly effective for 
dual-stack HTTP client applications that have significant performance 
differences between their IPv4 and IPv6 network paths. This is 
because the client can initiate two TCP connections to the server, 
one using IPv4 and one using IPv6, and then use the connection that 
completes first. This works properly because the client can test 
each route by initiating a TCP connection, but simply opening a TCP 
connection to an HTTP server does not change the server’s state; the 
client will send the HTTP request on only one connection. 


Unfortunately, in common SIP situations, it is not possible to "race" 
simultaneous request attempts using two address families. If the SIP 
requests are transmitted as single UDP packets, sending two copies of 
the request to two different addresses risks having two copies of the 
request propagating through the SIP network at the same time. The 
difference between SIP and HTTP is that in SIP, the sender cannot 
test a route in a non-state-changing way. 


(If two copies of the same request arrive at the destination client, 
the client SHOULD reject the second of them with a response code of 
482 [RFC3261]. To convey information on why the request was rejected 
to the originator, the client can include a descriptive reason 
phrase, for example, "Merged Request". However, issuing the 482 
response is not sufficient to prevent user-visible differences in 
behavior. A proxy that is upstream of the second request to arrive 
at the client may (almost immediately!) serially fork the second 
request to further destinations (e.g., the voicemail service for the 
destination client) .) 


In this common scenario, it is often necessary for a dual-stack 
client to indicate a preference for either IPv4 or IPv6. A service 
may use DNS SRV records to indicate such a preference for an address 
family. This way, a server with a high-latency and/or low-capacity 
IPv4 tunnel may indicate a preference for being contacted using IPv6. 
A server that wishes to do this can use the lowest SRV priority to 
publish host names that only resolve in IPv6 and the next priority 
with host names that resolve in both address families. 


Note that host names that have addresses in only one address family 
are discouraged by [RFC6555]. Such special-purpose host names SHOULD 
be used only as described in this section, as targets of SRV records 
for an aggregate host name, where the aggregate host name ultimately 
resolves to addresses in all families supported by the client. 
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4. Clarification of Interaction with RFC 6724 


Section 5 of [RFC6157] specifies that the addresses from the address 
records for a single target DNS name for a server’s DNS name must be 
contacted in the order specified by the source and destination 
address selection algorithms defined in [RFC6724]. The set of 
addresses provided to a single invocation of the destination address 
selection algorithm MUST be the address records for the target DNS 
name in a single SRV record (or, if there are no SRV records, the DNS 
name in the URI or derived via NAPTR) -- the destination address 
selection algorithm MUST NOT reorder addresses derived from different 
SRV records. Typically, destination address selection is done by 
using the (relatively new) getaddrinfo() function to translate the 
target DNS name into a list of IPv4 and/or IPv6 addresses in the 
order in which they are to be contacted, as that function implements 
[RFC6724]. 


Thus, if SRV lookup on the server’s DNS name is successful, the major 
ordering of the complete list of destination addresses is determined 
by the priority and weight fields of the SRV records (as specified in 
[RFC2782]), and the (minor) ordering among the destinations derived 
from the "target" field of a single SRV record is determined by 
[RFC6724]. 


For example, consider a server with DNS name example.com, with TCP 
transport specified. The relevant SRV records for example.com are: 


_sip._tcp.example.com. 300 IN SRV 10 1 5060 sip-l.example.com. 
_sip._tcp.example.com. 300 IN SRV 20 1 5060 sip-2.example.com. 


The processing of [RFC2782] results in this ordered list of target 
domain names: 


sip-1l.example.com 
sip-2.example.com 


The address records for sip-l.example.com, as ordered by [RFC6724], 
are: 


sip-l.example.com. 300 IN AAAA 2001:0db8:58:c02::face 
sip-l.example.com. 300 IN AAAA 2001:0db8:c:a06::2:cafe 
Sip-l.example.com. 300 IN AAAA 2001:0db8:44:204::dlce 
Ssip-l.example.com. 300 IN A 192.0.2.45 
Sip-l.example.com. 300 IN A 203.0.113.109 
sip-l.example.com. 300 IN A 198.51.100.24 
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And the address records for sip-2.example.com, as ordered by 
[RFC6724], are: 


sip-2.example.com. 300 IN AAAA 2001:0db8:58:c02::dead 
sip-2.example.com. 300 IN AAAA 2001:0db8:c:a06::2:beef 
sip-2.example.com. 300 IN AAAA 2001:0db8:44:204::c0de 
sip-2.example.com. 300 IN A 192.0.2.75 
sip-2.example.com. 300 IN A 203.0.113.38 
sip-2.example.com. 300 IN A 198.51.100.140 


Thus, the complete list of destination addresses has this ordering: 


2001:0db8:58:c02::face 
2001:0db8:c:a06::2:cafe 
2001:0db8:44:204::dlce 
192.0.2.45 
203.0.113.109 
198.51.100.24 
2001:0db8:58:c02::dead 
2001:0db8:c:a06::2:beef 
2001:0db8:44:204::c0de 
192.0.2.75 

203.0.113.38 
198.51.100.140 


In particular, the destination addresses derived from 
sip-l.example.com and those derived from sip-2.example.com are not 
interleaved; [RFC6724] does not operate on the complete list. This 
would be true even if the two SRV records had the same priority and 
were (randomly) ordered based on their weights, as the address 
records of two target DNS names are never interleaved. 


5. Security Considerations 


This document introduces two new normative procedures to the existing 
DNS procedures used to locate SIP servers. A client may contact 
additional target addresses for a URI beyond those prescribed in 
[RFC3263], and/or it may contact target addresses in a different 
order than prescribed in [RFC3263]. Neither of these changes 
introduce any new security considerations because it has always been 
assumed that a client desiring to send to a URI may contact any of 
its targets that are listed in DNS. 


The specific security vulnerabilities, attacks, and threat models of 
the various protocols discussed in this document (SIP, DNS, SRV 
records, Happy Eyeballs requirements and algorithm, etc.) are well 
documented in their respective specifications. 
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